package com.example.nfctagcommons.server;

import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class TrustModifier {
	private static final TrustingHostnameVerifier TRUSTING_HOSTNAME_VERIFIER = new TrustingHostnameVerifier();
	private static SSLSocketFactory factory;
	private static final String TLS = "TLS";

	/** Call this with any HttpURLConnection, and it will 
    modify the trust settings if it is an HTTPS connection. */
	public static HttpsURLConnection relaxHostChecking(HttpsURLConnection httpsConnection) throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException {
		SSLSocketFactory factory = prepFactory(httpsConnection);
		httpsConnection.setSSLSocketFactory(factory);
		httpsConnection.setHostnameVerifier(TRUSTING_HOSTNAME_VERIFIER);
		return httpsConnection;
	}

	static synchronized SSLSocketFactory prepFactory(HttpsURLConnection httpsConnection) throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
		if (factory == null) {
			SSLContext ctx = SSLContext.getInstance(TLS);
			ctx.init(null, new TrustManager[]{ new AlwaysTrustManager() }, null);
			factory = ctx.getSocketFactory();
		}
		return factory;
	}
   
	private static final class TrustingHostnameVerifier implements HostnameVerifier {
		@Override
		public boolean verify(String hostname, SSLSession session) {
			return true;
		}
	}

	private static class AlwaysTrustManager implements X509TrustManager {
		@Override
		public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException { }
		@Override
		public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException { }
		@Override
		public X509Certificate[] getAcceptedIssuers() { return null; }      
	}
   
}